swh:1:snp:dc2a5002442a00b1c0eda7c65d04ea7455e166cd
Permalinks

To reference or cite the objects present in the Software Heritage archive, permalinks based on SoftWare Hash IDentifiers (SWHIDs) must be used.

  • revision: swh:1:rev:3d2e575b3f71b4d66c0b948d411d8e936f192127
  • snapshot: swh:1:snp:dc2a5002442a00b1c0eda7c65d04ea7455e166cd
  • release: swh:1:rel:82aa4a2104c3456a66aed4c55da51f6ddecf3648

sort by:
RevisionAuthorDateMessageCommit Date
3d2e575 Matt Caswell03 May 2016, 13:49:52 UTCPrepare for 1.0.1t release Reviewed-by: Rich Salz <rsalz@openssl.org>03 May 2016, 13:49:52 UTC
289cc05 Matt Caswell03 May 2016, 13:49:52 UTCmake update Reviewed-by: Rich Salz <rsalz@openssl.org>03 May 2016, 13:49:52 UTC
0e6b8bf Matt Caswell03 May 2016, 08:37:23 UTCUpdate CHANGES and NEWS for the new release Reviewed-by: Richard Levitte <levitte@openssl.org>03 May 2016, 12:20:26 UTC
f5da52e Dr. Stephen Henson15 April 2016, 01:37:09 UTCFix ASN1_INTEGER handling. Only treat an ASN1_ANY type as an integer if it has the V_ASN1_INTEGER tag: V_ASN1_NEG_INTEGER is an internal only value which is never used for on the wire encoding. Thanks to David Benjamin <davidben@google.com> for reporting this bug. This was found using libFuzzer. RT#4364 (part)CVE-2016-2108. Reviewed-by: Emilia Käsper <emilia@openssl.org>03 May 2016, 12:06:36 UTC
4159f31 Kurt Roeckx16 April 2016, 21:08:56 UTCCheck that we have enough padding characters. Reviewed-by: Emilia Käsper <emilia@openssl.org> CVE-2016-2107 MR: #257203 May 2016, 12:06:36 UTC
e903aaf Matt Caswell03 May 2016, 11:45:45 UTCRemove some documentation for functions not in 1.0.x A few functions in the recently added EVP_EncodeInit docs don't apply to the 1.0.x branches. Reviewed-by: Richard Levitte <levitte@openssl.org>03 May 2016, 11:54:06 UTC
fec6d1e Matt Caswell25 April 2016, 10:54:30 UTCAdd documentation for EVP_EncodeInit() and similar functions Reviewed-by: Richard Levitte <levitte@openssl.org>03 May 2016, 10:54:00 UTC
5d20e98 Matt Caswell25 April 2016, 08:06:29 UTCEnsure EVP_EncodeUpdate handles an output length that is too long With the EVP_EncodeUpdate function it is the caller's responsibility to determine how big the output buffer should be. The function writes the amount actually used to |*outl|. However this could go negative with a sufficiently large value for |inl|. We add a check for this error condition. Reviewed-by: Richard Levitte <levitte@openssl.org>03 May 2016, 10:52:53 UTC
5b81448 Matt Caswell04 March 2016, 10:17:17 UTCAvoid overflow in EVP_EncodeUpdate An overflow can occur in the EVP_EncodeUpdate function which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption. Due to the very large amounts of data involved this will most likely result in a crash. Internally to OpenSSL the EVP_EncodeUpdate function is primarly used by the PEM_write_bio* family of functions. These are mainly used within the OpenSSL command line applications, so any application which processes data from an untrusted source and outputs it as a PEM file should be considered vulnerable to this issue. User applications that call these APIs directly with large amounts of untrusted data may also be vulnerable. Issue reported by Guido Vranken. CVE-2016-2105 Reviewed-by: Richard Levitte <levitte@openssl.org>03 May 2016, 10:52:53 UTC
2919516 Matt Caswell28 April 2016, 09:46:55 UTCPrevent EBCDIC overread for very long strings ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer. Issue reported by Guido Vranken. CVE-2016-2176 Reviewed-by: Andy Polyakov <appro@openssl.org>03 May 2016, 09:28:00 UTC
56ea224 Matt Caswell03 March 2016, 23:36:23 UTCFix encrypt overflow An overflow can occur in the EVP_EncryptUpdate function. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate with a partial block then a length check can overflow resulting in a heap corruption. Following an analysis of all OpenSSL internal usage of the EVP_EncryptUpdate function all usage is one of two forms. The first form is like this: EVP_EncryptInit() EVP_EncryptUpdate() i.e. where the EVP_EncryptUpdate() call is known to be the first called function after an EVP_EncryptInit(), and therefore that specific call must be safe. The second form is where the length passed to EVP_EncryptUpdate() can be seen from the code to be some small value and therefore there is no possibility of an overflow. Since all instances are one of these two forms, I believe that there can be no overflows in internal code due to this problem. It should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths. Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). Therefore I have checked all instances of these calls too, and came to the same conclusion, i.e. there are no instances in internal usage where an overflow could occur. This could still represent a security issue for end user code that calls this function directly. CVE-2016-2106 Issue reported by Guido Vranken. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 3f3582139fbb259a1c3cbb0a25236500a409bf26)03 May 2016, 08:03:16 UTC
1d29506 Dr. Stephen Henson02 May 2016, 16:33:50 UTCFix i2d_X509_AUX: pp can be NULL. Reported by David Benjamin Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 05aef4bbdbc18e7b9490512cdee41e8a608bcc0e)02 May 2016, 21:50:19 UTC
66ce286 Dr. Stephen Henson27 April 2016, 19:27:41 UTCDon't free ret->data if malloc fails. Issue reported by Guido Vranken. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 64eaf6c928f4066d62aa86f805796ef05bd0b1cc)29 April 2016, 20:43:12 UTC
1c81a59 Dr. Stephen Henson28 April 2016, 18:45:44 UTCAdd checks to X509_NAME_oneline() Sanity check field lengths and sums to avoid potential overflows and reject excessively large X509_NAME structures. Issue reported by Guido Vranken. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 9b08619cb45e75541809b1154c90e1a00450e537) Conflicts: crypto/x509/x509.h crypto/x509/x509_err.c29 April 2016, 18:55:56 UTC
0b34cf8 Dr. Stephen Henson28 April 2016, 12:09:27 UTCSanity check buffer length. Reject zero length buffers passed to X509_NAME_onelne(). Issue reported by Guido Vranken. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit b33d1141b6dcce947708b984c5e9e91dad3d675d)29 April 2016, 18:54:06 UTC
53d6c14 Dr. Stephen Henson28 April 2016, 11:55:29 UTCAdd size limit to X509_NAME structure. This adds an explicit limit to the size of an X509_NAME structure. Some part of OpenSSL (e.g. TLS) already effectively limit the size due to restrictions on certificate size. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 295f3a24919157e2f9021d0b1709353710ad63db)29 April 2016, 18:53:47 UTC
6dfa55a Dr. Stephen Henson23 April 2016, 12:33:05 UTCReject inappropriate private key encryption ciphers. The traditional private key encryption algorithm doesn't function properly if the IV length of the cipher is zero. These ciphers (e.g. ECB mode) are not suitable for private key encryption anyway. Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit d78df5dfd650e6de159a19a033513481064644f5)27 April 2016, 23:07:20 UTC
a04d08f Matt Caswell25 April 2016, 15:05:55 UTCEnsure we check i2d_X509 return val The i2d_X509() function can return a negative value on error. Therefore we should make sure we check it. Issue reported by Yuan Jochen Kang. Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 446ba8de9af9aa4fa3debc7c76a38f4efed47a62)26 April 2016, 13:39:56 UTC
1ee4541 Matt Caswell25 April 2016, 16:45:11 UTCFix a signed/unsigned warning This causes a compilation failure when using --strict-warnings in 1.0.2 and 1.0.1 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (cherry picked from commit 0ca67644ddedfd656d43a6639d89a6236ff64652)25 April 2016, 18:47:18 UTC
184ebf0 Rich Salz25 April 2016, 12:56:54 UTCFix NULL deref in apps/pkcs7 Thanks to Brian Carpenter for finding and reporting this. Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 79356a83b78a2d936dcd022847465d9ebf6c67b1)25 April 2016, 15:46:52 UTC
697283b Viktor Dukhovni20 April 2016, 02:23:24 UTCFix buffer overrun in ASN1_parse(). Backport of commits: 79c7f74d6cefd5d32fa20e69195ad3de834ce065 bdcd660e33710079b495cf5cc6a1aaa5d2dcd317 from master. Reviewed-by: Matt Caswell <matt@openssl.org>23 April 2016, 04:46:32 UTC
3d41105 Dr. Stephen Henson11 April 2016, 12:57:20 UTCHarden ASN.1 BIO handling of large amounts of data. If the ASN.1 BIO is presented with a large length field read it in chunks of increasing size checking for EOF on each read. This prevents small files allocating excessive amounts of data. CVE-2016-2109 Thanks to Brian Carpenter for reporting this issue. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (cherry picked from commit c62981390d6cf9e3d612c489b8b77c2913b25807)22 April 2016, 23:28:06 UTC
7a43389 David Benjamin14 March 2016, 19:03:07 UTCFix memory leak on invalid CertificateRequest. Free up parsed X509_NAME structure if the CertificateRequest message contains excess data. The security impact is considered insignificant. This is a client side only leak and a large number of connections to malicious servers would be needed to have a significant impact. This was found by libFuzzer. Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org> (cherry picked from commit ec66c8c98881186abbb4a7ddd6617970f1ee27a7)07 April 2016, 18:27:45 UTC
f4bed7c Dr. Stephen Henson26 March 2016, 15:00:53 UTCFix FIPS SSLv2 test Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (cherry picked from commit 21211ade53f92629250bbea5e37d9179a31d3be2)26 March 2016, 16:02:39 UTC
f160807 Matt Caswell17 March 2016, 12:55:02 UTCFix the no-comp option for Windows no-comp on Windows was not actually suppressing compilation of the code, although it was suppressing its use. Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit a6406c95984a1009f5676bbcf60cc0d6db107af4)18 March 2016, 12:17:06 UTC
4275ee3 Matt Caswell15 March 2016, 11:51:48 UTCAdd a check for a failed malloc Ensure we check for a NULL return from OPENSSL_malloc Issue reported by Guido Vranken. Reviewed-by: Richard Levitte <levitte@openssl.org>18 March 2016, 11:59:11 UTC
d31b251 Matt Caswell15 March 2016, 11:38:56 UTCEnsure that memory allocated for the ticket is freed If a call to EVP_DecryptUpdate fails then a memory leak could occur. Ensure that the memory is freed appropriately. Issue reported by Guido Vranken. Reviewed-by: Richard Levitte <levitte@openssl.org>18 March 2016, 11:59:11 UTC
4161523 Matt Caswell14 March 2016, 17:06:19 UTCFix a potential double free in EVP_DigestInit_ex There is a potential double free in EVP_DigestInit_ex. This is believed to be reached only as a result of programmer error - but we should fix it anyway. Issue reported by Guido Vranken. Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit ffe9150b1508a0ffc9e724f975691f24eb045c05)18 March 2016, 11:44:47 UTC
6629966 Kurt Roeckx09 March 2016, 17:10:52 UTCAdd no-ssl2-method Reviewed-by: Viktor Dukhovni <viktor@openssl.org> MR: #2341 (cherry picked from commit 4256957570a233ed4e9840353e95e623dfd62086)14 March 2016, 20:17:18 UTC
03c71b8 Viktor Dukhovni08 March 2016, 20:30:27 UTCexpose SSLv2 method prototypes Reviewed-by: Kurt Roeckx <kurt@openssl.org>09 March 2016, 08:13:06 UTC
5bac9d4 Viktor Dukhovni07 March 2016, 21:10:38 UTCRetain SSLv2 methods as functions that return NULL This improves ABI compatibility when symbol resolution is not lazy. Reviewed-by: Richard Levitte <levitte@openssl.org>08 March 2016, 14:08:28 UTC
a159719 Andy Polyakov04 March 2016, 10:39:11 UTCbn/asm/x86[_64]-mont*.pl: complement alloca with page-walking. Some OSes, *cough*-dows, insist on stack being "wired" to physical memory in strictly sequential manner, i.e. if stack allocation spans two pages, then reference to farmost one can be punishable by SEGV. But page walking can do good even on other OSes, because it guarantees that villain thread hits the guard page before it can make damage to innocent one... Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit adc4f1fc25b2cac90076f1e1695b05b7aeeae501) Resolved conflicts: crypto/bn/asm/x86_64-mont.pl crypto/bn/asm/x86_64-mont5.pl Reviewed-by: Richard Levitte <levitte@openssl.org>07 March 2016, 21:16:11 UTC
6e7a1f3 Kurt Roeckx10 January 2016, 12:23:43 UTCRemove LOW from the default Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (cherry picked from commit 29cce508972f61511318bf8cf7011fae027cddb2)07 March 2016, 17:57:40 UTC
0199251 Dr. Stephen Henson04 March 2016, 18:04:46 UTCDon't shift serial number into sign bit Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 01c32b5e448f6d42a23ff16bdc6bb0605287fa6f)07 March 2016, 15:19:58 UTC
298d823 Dr. Stephen Henson03 March 2016, 23:37:36 UTCSanity check PVK file fields. PVK files with abnormally large length or salt fields can cause an integer overflow which can result in an OOB read and heap corruption. However this is an rarely used format and private key files do not normally come from untrusted sources the security implications not significant. Fix by limiting PVK length field to 100K and salt to 10K: these should be more than enough to cover any files encountered in practice. Issue reported by Guido Vranken. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 5f57abe2b150139b8b057313d52b1fe8f126c952)04 March 2016, 01:26:13 UTC
7315877 Matt Caswell01 March 2016, 13:42:02 UTCPrepare for 1.0.1t-dev Reviewed-by: Richard Levitte <levitte@openssl.org>01 March 2016, 13:42:02 UTC
57ac73f Matt Caswell01 March 2016, 13:40:46 UTCPrepare for 1.0.1s release Reviewed-by: Richard Levitte <levitte@openssl.org>01 March 2016, 13:40:46 UTC
5d2b93a Matt Caswell01 March 2016, 13:40:45 UTCmake update Reviewed-by: Richard Levitte <levitte@openssl.org>01 March 2016, 13:40:45 UTC
f588db9 Matt Caswell01 March 2016, 12:08:33 UTCEnsure mk1mf.pl is aware of no-weak-ssl-ciphers option Update mk1mf.pl to properly handle no-weak-ssl-ciphers Reviewed-by: Richard Levitte <levitte@openssl.org>01 March 2016, 12:42:12 UTC
8954b54 Matt Caswell01 March 2016, 11:00:48 UTCUpdate CHANGES and NEWS for new release Reviewed-by: Richard Levitte <levitte@openssl.org>01 March 2016, 11:51:00 UTC
c582e9d Andy Polyakov11 September 2014, 22:06:00 UTCperlasm/x86_64-xlate.pl: handle inter-bank movd. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 902b30df193afc3417a96ba72a81ed390bd50de3)01 March 2016, 11:27:40 UTC
7f98aa7 Andy Polyakov26 January 2016, 15:25:02 UTCcrypto/bn/x86_64-mont5.pl: constant-time gather procedure. [Backport from master] CVE-2016-0702 Reviewed-by: Richard Levitte <levitte@openssl.org>01 March 2016, 11:27:40 UTC
d7a854c Andy Polyakov26 January 2016, 10:34:41 UTCbn/bn_exp.c: constant-time MOD_EXP_CTIME_COPY_FROM_PREBUF. Performance penalty varies from platform to platform, and even key length. For rsa2048 sign it was observed to reach almost 10%. CVE-2016-0702 Reviewed-by: Richard Levitte <levitte@openssl.org>01 March 2016, 11:24:05 UTC
abd5d8f Viktor Dukhovni19 February 2016, 18:05:11 UTCDisable EXPORT and LOW SSLv3+ ciphers by default Reviewed-by: Emilia Käsper <emilia@openssl.org>01 March 2016, 11:24:02 UTC
a82cfd6 Viktor Dukhovni18 February 2016, 04:22:59 UTCBring SSL method documentation up to date Reviewed-by: Emilia Käsper <emilia@openssl.org>01 March 2016, 11:24:02 UTC
56f1acf Viktor Dukhovni18 February 2016, 02:37:15 UTCDisable SSLv2 default build, default negotiation and weak ciphers. SSLv2 is by default disabled at build-time. Builds that are not configured with "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via the version-flexible SSLv23_method() will need to explicitly call either of: SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); or SSL_clear_options(ssl, SSL_OP_NO_SSLv2); as appropriate. Even if either of those is used, or the application explicitly uses the version-specific SSLv2_method() or its client or server variants, SSLv2 ciphers vulnerable to exhaustive search key recovery have been removed. Specifically, the SSLv2 40-bit EXPORT ciphers, and SSLv2 56-bit DES are no longer available. Mitigation for CVE-2016-0800 Reviewed-by: Emilia Käsper <emilia@openssl.org>01 March 2016, 11:23:45 UTC
8f65132 Matt Caswell22 February 2016, 10:27:18 UTCFix BN_hex2bn/BN_dec2bn NULL ptr/heap corruption In the BN_hex2bn function the number of hex digits is calculated using an int value |i|. Later |bn_expand| is called with a value of |i * 4|. For large values of |i| this can result in |bn_expand| not allocating any memory because |i * 4| is negative. This leaves ret->d as NULL leading to a subsequent NULL ptr deref. For very large values of |i|, the calculation |i * 4| could be a positive value smaller than |i|. In this case memory is allocated to ret->d, but it is insufficiently sized leading to heap corruption. A similar issue exists in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn is ever called by user applications with very large untrusted hex/dec data. This is anticipated to be a rare occurrence. All OpenSSL internal usage of this function uses data that is not expected to be untrusted, e.g. config file data or application command line arguments. If user developed applications generate config file data based on untrusted data then it is possible that this could also lead to security consequences. This is also anticipated to be a rare. Issue reported by Guido Vranken. CVE-2016-0797 Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit c175308407858afff3fc8c2e5e085d94d12edc7d)29 February 2016, 16:40:02 UTC
f16bc6f Kurt Roeckx27 February 2016, 12:38:01 UTCRevert "Don't check RSA_FLAG_SIGN_VER." This reverts commit 23a58779f53a9060c823d00d76b3070cad61d9a3. This broke existing engines that didn't properly implement the sign and verify functions. Reviewed-by: Richard Levitte <levitte@openssl.org> MR: #207727 February 2016, 12:38:01 UTC
a801bf2 Matt Caswell25 February 2016, 13:09:46 UTCFix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 578b956fe741bf8e84055547b1e83c28dd902c73)25 February 2016, 22:48:17 UTC
59a908f Emilia Kasper 24 February 2016, 11:59:59 UTC CVE-2016-0798: avoid memory leak in SRP The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory management semantics; the returned pointer was sometimes newly allocated, and sometimes owned by the callee. The calling code has no way of distinguishing these two cases. Specifically, SRP servers that configure a secret seed to hide valid login information are vulnerable to a memory leak: an attacker connecting with an invalid username can cause a memory leak of around 300 bytes per connection. Servers that do not configure SRP, or configure SRP but do not configure a seed are not vulnerable. In Apache, the seed directive is known as SSLSRPUnknownUserSeed. To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user is now disabled even if the user has configured a seed. Applications are advised to migrate to SRP_VBASE_get1_by_user. However, note that OpenSSL makes no strong guarantees about the indistinguishability of valid and invalid logins. In particular, computations are currently not carried out in constant time. Reviewed-by: Rich Salz <rsalz@openssl.org> 25 February 2016, 14:44:21 UTC
3ee48ad FdaSilvaYY 19 February 2016, 22:28:52 UTC GH714: missing field initialisation Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> (cherry picked from commit 04f2a0b50d219aafcef2fa718d91462b587aa23d) 23 February 2016, 18:21:48 UTC
ccb2a61 Dr. Stephen Henson 18 February 2016, 12:47:23 UTC Fix double free in DSA private key parsing. Fix double free bug when parsing malformed DSA private keys. Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using libFuzzer. CVE-2016-0705 Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 6c88c71b4e4825c7bc0489306d062d017634eb88) 19 February 2016, 14:04:21 UTC
3629c49 Andy Polyakov 12 February 2016, 13:07:27 UTC modes/ctr128.c: pay attention to ecount_buf alignment in CRYPTO_ctr128_encrypt. It's never problem if CRYPTO_ctr128_encrypt is called from EVP, because buffer in question is always aligned within EVP_CIPHER_CTX structure. RT#4218 Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 5e4bbeb49fb6522d858703201b5adee9611e7b7b) 12 February 2016, 21:01:13 UTC
b0b9f69 Andy Polyakov 03 February 2016, 17:21:00 UTC util/mk1mf.pl: use LINK_CMD instead of LINK variable. Trouble is that LINK variable assignment in make-file interferes with LINK environment variable, which can be used to modify Microsoft's LINK.EXE behaviour. RT#4289 Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit d44bb1c31ca00f4359090daa15659c0dd1a08f0d) Resolved conflicts: util/pl/VC-32.pl (cherry picked from commit 0fffd522426c7fc022894c8dd079dc2625c04096) 11 February 2016, 20:30:19 UTC
9b6e183 Andy Polyakov 09 February 2016, 10:53:11 UTC ms/uplink-x86.pl: make it work. Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 740b2b9a6cf31b02916a4d18f868e8a95934c083) 10 February 2016, 11:57:29 UTC
99a5c8a Kurt Roeckx 27 January 2016, 19:31:57 UTC Fix CHANGES entry about DSA_generate_parameters_ex Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org> (cherry picked from commit 2b0c11a620c3a3431410c5d56799286f60f60d8d) 28 January 2016, 18:56:49 UTC
5d5de78 Richard Levitte 28 January 2016, 16:55:11 UTC Correct number of arguments in BIO_get_conn_int_port macro Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 41a28cb2944a4e1c9d13889757a3bd9f72abeca1) 28 January 2016, 17:20:53 UTC
69ff244 Matt Caswell 28 January 2016, 14:22:09 UTC Prepare for 1.0.1s-dev Reviewed-by: Richard Levitte <levitte@openssl.org> 28 January 2016, 17:06:38 UTC
09ccb58 Matt Caswell 28 January 2016, 14:21:21 UTC Prepare for 1.0.1r release Reviewed-by: Richard Levitte <levitte@openssl.org> 28 January 2016, 17:06:38 UTC
6210c70 Richard Levitte 28 January 2016, 14:18:50 UTC TARFILE wasn't correctly set This solves an earlier cherry-pick mistake. Reviewed-by: Matt Caswell <matt@openssl.org> 28 January 2016, 17:06:38 UTC
bea4cb2 Matt Caswell 28 January 2016, 12:28:53 UTC Further updates to CHANGES and NEWS Reviewed-by: Richard Levitte <levitte@openssl.org> 28 January 2016, 17:06:38 UTC
5fed60f Matt Caswell 27 January 2016, 13:55:05 UTC Update CHANGES and NEWS ready for release Update CHANGES and NEWS with details of the issues fixed in the forthcoming release. Reviewed-by: Rich Salz <rsalz@openssl.org> 28 January 2016, 17:06:38 UTC
4040a7f Viktor Dukhovni 31 December 2015, 03:44:51 UTC Better SSLv2 cipher-suite enforcement Based on patch by: Nimrod Aviram <nimrod.aviram@gmail.com> CVE-2015-3197 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> 28 January 2016, 17:06:38 UTC
8bc643e Matt Caswell 17 December 2015, 02:57:20 UTC Always generate DH keys for ephemeral DH cipher suites Modified version of the commit ffaef3f15 in the master branch by Stephen Henson. This makes the SSL_OP_SINGLE_DH_USE option a no-op and always generates a new DH key for every handshake regardless. This is a follow on from CVE-2016-0701. This branch is not impacted by that CVE because it does not support X9.42 style parameters. It is still possible to generate parameters based on primes that are not "safe", although by default OpenSSL does not do this. The documentation does sign post that using such parameters is unsafe if the private DH key is reused. However to avoid accidental problems or future attacks this commit has been backported to this branch. Issue reported by Antonio Sanso Reviewed-by: Viktor Dukhovni <viktor@openssl.org> 28 January 2016, 10:27:55 UTC
126ac21 Richard Levitte 19 January 2016, 19:35:41 UTC Fix BSD -rpath parameter For BSD systems, Configure adds a shared_ldflags including a reference to the Makefile variable LIBRPATH, but since it must be passed down to Makefile.shared, care must be taken so the value of LIBRPATH doesn't get expanded too early, or it ends up giving an empty string. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (cherry picked from commit c64879d3f3cc4c7f1c436a9fe3bd109847a23629) 19 January 2016, 19:59:31 UTC
5122374 Alessandro Ghedini 13 January 2016, 12:49:24 UTC Validate ClientHello session_id field length and send alert on failure RT#4080 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> 19 January 2016, 15:42:23 UTC
4c33d58 Prayag Verma 18 January 2016, 03:19:09 UTC Update license year range to 2016 Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 02f70372470b4dd3b21443bb615292175f5d2c88) 19 January 2016, 15:24:52 UTC
e9a6c72 Viktor Dukhovni 16 January 2016, 17:57:24 UTC Empty SNI names are not valid Reviewed-by: Rich Salz <rsalz@openssl.org> 17 January 2016, 02:14:02 UTC
00cebd1 Dr. Stephen Henson 14 January 2016, 00:25:25 UTC To avoid possible time_t overflow use X509_time_adj_ex() Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (cherry picked from commit 9aa00b187a65b1f30789d6274ec31ea86efe7973) Conflicts: apps/x509.c 14 January 2016, 03:04:31 UTC
f5fc940 Kurt Roeckx 10 January 2016, 12:55:08 UTC Change minimum DH size from 768 to 1024 Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org> 10 January 2016, 23:13:54 UTC
ff9cef0 Kurt Roeckx 02 January 2016, 19:42:27 UTC File is about s_time, not s_client Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit 1918e01c9f915e2eba31a5e2f86f0a5daa4fafb6) 10 January 2016, 12:14:52 UTC
737d57d Viktor Dukhovni 01 January 2016, 05:51:12 UTC Fix X509_STORE_CTX_cleanup() Reviewed-by: Dr. Stephen Henson <steve@openssl.org> 05 January 2016, 02:50:01 UTC
b5dbbeb Rich Salz 28 December 2015, 19:58:23 UTC RT4202: Update rt URL's. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 41977c53cd04f52b2b5e56d31ace782577620ac3) 28 December 2015, 21:41:28 UTC
968bcce Matt Caswell 30 November 2015, 16:04:51 UTC Add some documentation for the OCSP callback functions Describe the usage of the OCSP callback functions on both the client and the server side. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (cherry picked from commit c52c3b5e11253afabaa62739a8ee1c4c4bddcd53) 27 December 2015, 22:05:36 UTC
604f67f Matt Caswell 30 November 2015, 13:29:41 UTC Ensure we don't call the OCSP callback if resuming a session It makes no sense to call the OCSP status callback if we are resuming a session because no certificates will be sent. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (cherry picked from commit 0ac6239955965f58f9dddb4229e8cd58e0dba20d) 27 December 2015, 22:05:36 UTC
a7316aa Matt Caswell 05 November 2015, 14:52:27 UTC Fix error when server does not send CertificateStatus message If a server sends the status_request extension then it may choose to send the CertificateStatus message. However this is optional. We were treating it as mandatory and the connection was failing. Thanks to BoringSSL for reporting this issue. RT#4120 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (cherry picked from commit 905943af3b43116b64ae815db1a6b9c2f15e0356) 27 December 2015, 22:05:36 UTC
1967199 David Benjamin 17 December 2015, 19:11:11 UTC Fix memory leak in DSA redo case. Found by clang scan-build. Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Richard Levitte <levitte@openssl.org> RT: #4184, MR: #1496 (cherry picked from commit 679d87515d23ca31491effdc264edc81c695a72a) 22 December 2015, 10:54:42 UTC
23a5877 Dr. Stephen Henson 20 December 2015, 18:18:43 UTC Don't check RSA_FLAG_SIGN_VER. Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 6656ba7152dfe4bba865e327dd362ea08544aa80) 20 December 2015, 19:28:23 UTC
f9b52eb Richard Levitte 02 November 2015, 15:43:28 UTC BIO_s_datagram() ctrl doesn't support SEEK/TELL, so don't pretend it does Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 17592f323ac7dad381cc3b512573c291b1a820c0) 19 December 2015, 21:10:32 UTC
0748211 Richard Levitte 01 November 2015, 14:56:21 UTC Correct or add comments indicating what controls belong to what Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 6d97060ee00518efc99c5d89a78529dc111780fb) 19 December 2015, 21:10:32 UTC
0dae963 Richard Levitte 01 November 2015, 14:45:49 UTC Document how BIO_get_conn_ip and BIO_get_conn_int_port actually work No dummy arguments. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 7eb51251252ea0b269227d267512b98495f51bc4) 19 December 2015, 21:10:32 UTC
f08360a Richard Levitte 01 November 2015, 14:42:04 UTC Have BIO_get_conn_int_port use BIO_ctrl instead BIO_int_ctrl BIO_int_ctrl isn't made for the purpose BIO_get_conn_int_port used it for. This also changes BIO_C_GET_CONNECT to actually return the port instead of assigning it to a pointer that was never returned back to the caller. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 2a60fccdd9b696e01fddaa268e92ea210beb0e8f) 19 December 2015, 21:10:32 UTC
583f4bf Matt Caswell 19 December 2015, 14:42:06 UTC Fix more URLs mangled by reformat Fix some more URLs mangled by indent in the reformat. These ones don't exist in master so we have a separate commit. Based on a patch supplied by Arnaud Lacombe <al@aerilon.ca> Reviewed-by: Richard Levitte <levitte@openssl.org> 19 December 2015, 20:40:39 UTC
ff2c19e Matt Caswell 19 December 2015, 14:38:17 UTC Fix URLs mangled by reformat Some URLs in the source code ended up getting mangled by indent. This fixes it. Based on a patch supplied by Arnaud Lacombe <al@aerilon.ca> Reviewed-by: Richard Levitte <levitte@openssl.org> 19 December 2015, 20:40:39 UTC
e961c7a Richard Levitte 18 December 2015, 12:13:31 UTC Remove the "eay" c-file-style indicators Since we don't use the eay style any more, there's no point trying to tell emacs to use it. Reviewed-by: Ben Laurie <ben@openssl.org> 18 December 2015, 12:13:31 UTC
d7f7144 Rich Salz 10 December 2015, 17:31:01 UTC Provide better "make depend" warning. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 2e31ef0366d368ac8cf7f5ecc9052bff27337799) 16 December 2015, 22:47:22 UTC
d6af325 Emilia Kasper 14 December 2015, 15:38:15 UTC Fix a ** 0 mod 1 = 0 for real this time. Commit 2b0180c37fa6ffc48ee40caa831ca398b828e680 attempted to do this but only hit one of many BN_mod_exp codepaths. Fix remaining variants and add a test for each method. Thanks to Hanno Boeck for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit d911097d7c93e4cfeab624b34d73fe51da158b69) (cherry picked from commit 44e4f5b04b43054571e278381662cebd3f3555e6) 14 December 2015, 17:27:04 UTC
36be5f7 Richard Levitte 14 December 2015, 02:53:06 UTC Fix tarball production to keep test/bctest and util/pod2mantest Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 474a53b3a36568d19d7b918ee879efd2707e7c67) 14 December 2015, 10:24:24 UTC
f612bdb Matt Caswell 04 November 2015, 11:20:50 UTC Ensure |rwstate| is set correctly on BIO_flush A BIO_flush call in the DTLS code was not correctly setting the |rwstate| variable to SSL_WRITING. This means that SSL_get_error() will not return SSL_ERROR_WANT_WRITE in the event of an IO retry. Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 67f60be8c9ae5ff3129fcd6238baf124385a41d8) 10 December 2015, 12:50:56 UTC
4a53424 Matt Caswell 03 November 2015, 14:45:07 UTC Fix DTLS handshake fragment retries If using DTLS and NBIO then if a second or subsequent handshake message fragment hits a retry, then the retry attempt uses the wrong fragment offset value. This commit restores the fragment offset from the last attempt. Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 2ad226e88bee97847496e542d63c67997d5beda6) 10 December 2015, 12:50:55 UTC
d724616 Dr Stephen Henson 08 December 2015, 19:10:48 UTC Don't use applink for static builds. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 10119938215298ad414468e7c2779d7fd1a0b979) 09 December 2015, 00:30:27 UTC
d27f073 Rich Salz 08 December 2015, 21:07:09 UTC Refer to website for acknowledgements. Reviewed-by: Steve Marquess <marquess@openssl.com> (cherry picked from commit ab29c82a55f3583a490733dd521ea6c486e8e2fb) 08 December 2015, 21:08:20 UTC
a19244a Richard Levitte 08 December 2015, 14:34:52 UTC Not all 'find's know -xtype, use -type instead Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 3cd7aef34d0d414d27ab00abadb99265a2cffde9) 08 December 2015, 20:06:34 UTC
cf269a1 Richard Levitte 08 December 2015, 11:43:05 UTC Adapt the OS X build to use the OS X tar As part of this, move release creation to a script to be called from .travis.yml. That makes it much easier to test outside of travis. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 382af61f6213e975b4c2a50fd8b9fedd23d86ab5) 08 December 2015, 20:06:34 UTC
4305622 Richard Levitte 08 December 2015, 11:42:27 UTC Make it possible to affect the way dists are made Introducing DISTTARVARS to propagate changed variables down to the tar-making target. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 4d3c30a1799bf7b4dc7223b84417c4de992a6b9c) 08 December 2015, 20:06:33 UTC
66a1ccf Richard Levitte 08 December 2015, 00:01:13 UTC Cleanup the EVP_MD_CTX before exit rather than after Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit c44844d928ad3c471c8dbe8baf2df8957900125b) 08 December 2015, 11:07:22 UTC
777adea Richard Levitte 07 December 2015, 15:50:15 UTC Change tar owner and group to just 0 It seems like some tar versions don't like the name:id form for --owner and --group. The closest known anonymous user being 0 (root), that seems to be the most appropriate user/group to assign ownership to. It matters very little when unpacking either way. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit b91dd150d2b9b5ddca37722e7f52ea59ba7f80da) 07 December 2015, 19:11:05 UTC
6413654 Richard Levitte 07 December 2015, 14:56:27 UTC Do not add symlinks in the source release Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 451a5bdf0386d7acf091c3e3b39107e5ed8be25d) 07 December 2015, 15:25:18 UTC
1e8a872 Richard Levitte 07 December 2015, 14:47:43 UTC In travis, build from a "source release" rather than from the build tree Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 475fc3d8729190fd12b4ff23d6ec488439fb78f9) 07 December 2015, 15:25:13 UTC
3b92a6f Richard Levitte 07 December 2015, 14:45:50 UTC Small changes to creating dists Make TARFILE include ../ instead of having that hard coded all over the place. When transforming file names in TAR_COMMAND, use $(NAME) instead of openssl-$(VERSION) Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 4a544810f08539f1549eea9be36bd878c67c8e26) 07 December 2015, 15:24:23 UTC